app wrapping (application wrapping)
What is app wrapping (application wrapping)?
App wrapping (application wrapping) is applying a management layer to an existing mobile app. It is typically done by an organization using third-party tools. App wrapping is done to increase an app's security, manageability and analytics.
App wrapping is a method that allows users to access organizational data on devices while giving the organization the ability to maintain control of it.
Many organizations are using mobile apps for business purposes. These apps can be developed in-house, purchased as turnkey solutions or be third-party services. Often, they are used on BYOD or corporate-owned, personally enabled (COPE) devices. The apps may be used with confidential materials that the organization needs to maintain control of. The organization may be legally required to maintain control of the data and ensure it is encrypted and audited.
Coding proper management capabilities into an app is difficult, especially if encryption or access controls is needed. Adding these features to an existing app requires costly reprogramming and may not be possible for some purchased apps. Wrapping a compatible app can provide management capabilities to existing apps without any programming.
App wrapping is primarily done for Android (Android Package Kit) and iOS (.ipa file) apps. It is used as part of an enterprise mobility management (EMM) strategy. Increasingly, app wrapping is being done for Windows and macOS programs with unified endpoint management (UEM).
These wrapped apps need to be distributed through a corporate app store, portal or mobile device management (MDM) software. They cannot be downloaded from the normal app store.
Abilities added by app wrapping
App wrapping adds several capabilities to mobile applications, including the following:
Security. App wrapping can add additional security to apps that may not support it natively. This may include encryption, authentication, remote erase, copy protection and screenshot limits.
Management. Apps can be assigned based on roles. They can be automatically updated.
Analytics. App usage and data access can be tracked and audited.
Features added by app wrapping
Features added by app wrapping include the following:
Single sign-on. Users only sign in once to access all their corporate data.
Jailbreak detection. Block use on jailbroken and compromised devices.
Inactivity lock. Require the user to reauthenticate after a period of inactivity or every time the app is closed.
Remote wipe. Administrators can initiate an automatic erase of corporate data.
Encrypt at rest. Enforce device or per-app encryption. This can comply with government requirements, such as Federal Information Processing Standards.
Per-app VPN. Encrypt data in transit and allow access to on-premises resources. This can be enforced regardless of the device's internet connection via VPN.
Block data exfiltration. Stop screenshots, copy/paste, file exports and printing.
Benefits of app wrapping
There are several advantages to app wrapping for organizations:
Unified deployment. All applications are controlled from a central point. A single organization-wide policy can be set that affects all applications. Users don't need to log into apps from different providers.
Low-code/no-code. Some app wrapping services can take off the shelf apps and add the wrapper without any changes required to the underlying app. In-house developed apps can be migrated to an app wrapping platform with no changes or only minimal ones.
Disadvantages of app wrapping
There are several drawbacks to app wrapping, however:
More resource intensive. Since app wrapping adds additional rules and policies on top of an app, they are often somewhat less responsive and more resource intensive than non-wrapped apps.
No first-party support. Since app wrapping makes a custom app each time, there is usually no support from first-party vendors. The apps are not available on native app stores and must be downloaded through another means.
No standard implementations. There is no app wrapping standard. Each app wrapping vendor may use different methods and APIs to implement its controls. Each app may operate differently and may not have a unified feature set.
How to do app wrapping
App wrapping is often offered as a service. The service manages all the back-end enforcement and control of app wrapping. Some major app wrapping providers are IBM MaaS360, Microsoft Intune and VMware Workspace One.
Each business will need to request developer app signing keys from Apple and Google. These are used to authenticate the repackaged apps and allow them to be installed on iOS and Android devices.
The desired app can then be repackaged. For some providers this is all done online; the app and signing key are uploaded to the vendor and the wrapped app can then be downloaded. For other vendors, a program is used to repackage and sign on a local computer.
The repackaged app then needs to be delivered to employees. This can be done with a web portal, corporate app store, or through EMM/UEM providers.
See how to evaluate mobile application management software and how mobile application management tools balance service and cost. Learn about the differences between mobile device management vs. mobile application management and where they overlap.